DETAILED ACTION

1. Applicant's arguments filed July 22, 2005, have been fully considered but they
are not persuasive. 

2. Claims 1-24 are pending and have been examined. 

Response to Amendment 

3. Regarding the Double Patenting rejection, Examiner directs Applicant's attention 
to pages 2-3 of the prior Office Action where Examiner specifically pointed out the claim 
language on each application that show the rejection is based on the claim language, 
not on the disclosure. 

Examiner was not mapping language found on the specification, but rather 
language found in the claims of the instant application to the language of the claims in 
the copending application. 

The Double Patenting rejection is not withdrawn (emphasis added). 

4. Examiner approves the amendment to the specification received on July 22, 
2005. The objection to the specification is withdrawn. 

5. Examiner approves the amendment to the drawings received on July 22, 2005. 
The objection to the drawings is withdrawn. The specific objection to reference 
character 18 being used for both "database" and "HTML" is also withdrawn. 

6. The rejection under 35 U.S.C. 101 is withdrawn. 

7. Regarding Applicant's argument that Maloney does not teach or suggest the 
claimed feature of "decoding the captured data from a first predetermined format to a 
second predetermined format decipherable by humans", Examiner has given the claims 
the broadest reasonable interpretation consistent with the specification, thus, a parsing
tool to parse the data and make it available to an analytical engine for analyzing the 
data captured by the discovery tool clearly teach the claimed feature, as someone of 
ordinary skill in the art would. Furthermore, Maloney clearly refers to data on networks, 
packets that are analyzed to determine usage patterns and intrusion events (column 5, 
lines 1-67, column 11, lines 1-67, column 12, lines 1-42). 

Double Patenting 

8. Claims 1-8, 10-19, and 21-24 are provisionally rejected under the judicially 
created doctrine of obviousness-type double patenting as being unpatentable over 
claims 1-8, 9-18, and 20-23 of copending Application No. 10/002,064. Although the 
conflicting claims are not identical, they are not patentably distinct from each other 
because the subject matter claimed in the instant application is fully disclosed in the 
referenced copending application. 

This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 

9. The subject matter claimed in the instant application is fully disclosed in the 
referenced copending application and would be covered by any patent granted on that 
copending application since the referenced copending application and the instant 
application are claiming common subject matter, as follows: the copending application 
discloses a method of displaying data, comprising: capturing and decoding data, 
correlating data components, retrieving a web-browser template, and graphically 
displaying the correlated decoded data; the instant application discloses a method of 
displaying data, comprising: capturing and decoding data, correlating data components,
and graphically displaying the correlated decoded data.

10. Claims 1-8, 10-19, and 21-24 of the instant application are envisioned by
copending Application No. 10/002,064's claims 1-8, 9-18, and 20-23 in that claims 1-8, 
9-18, and 20-23 of the copending application contain all the limitations of claims 1-8, 10- 
19, and 21-24 of the instant application. Claims 1-8, 10-19, and 21-24 of the instant 
application therefore are not patently distinct from the copending application claims and 
as such are unpatentable for obvious-type double patenting. 

Claim Rejections - 35 USC § 102

11. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

12. Claims 1, 5-10, 13-17, and 21-24 are rejected under 35 U.S.C. 102(a) as 
being anticipated by Maloney et al. (US Patent Number: 6,269,447). 

Regarding claim 1, Maloney et al. teach capturing data related to the intrusion
event (column 4, lines 34-37); decoding the captured data from a first predetermined 
format to a second predetermined format decipherable by humans, the decoded data in 
turn comprising intrusion signature, data summary, and detailed data (column 4, lines 
34-40); correlating data components of the intrusion signature, data summary and 
detailed data to one another (column 4, lines 53-60); and graphically displaying the 
correlated decoded data components (column 4, lines 47-53). 

Regarding claim 5, Maloney et al. teach wherein capturing data comprises 
capturing network data packets of the intrusion event (column 4, lines 34-37, column 7, 
lines 23-27). 

Regarding claim 6, Maloney et al. teach wherein decoding the captured data 
comprises decoding the captured data from a binary format to a human-readable text 
format (column 6, lines 8-20). 

Regarding claim 7, Maloney et al. teach wherein decoding the captured data 
comprises decoding the captured data to decoded data having a data link layer protocol 
header, a network layer protocol header, a network layer protocol data summary, and
packet data in hexadecimal format (column 4, lines 24-33, column 7, lines 65-67, 
column 8, lines 1-12). 

Regarding claim 8, Maloney et al. teach wherein decoding the captured data 
comprises decoding the captured data to decoded data having an Ethernet header, an 
IP header, an IP data summary, and packet data in hexadecimal format (column 4, lines 
24-33, column 7, lines 65-67, column 8, lines 1-12). 

Regarding claim 9, Maloney et al. teach the method, as set forth in claim 1, 
further comprising storing the captured data (column 4, lines 24-26). 

Regarding claim 10, Maloney et al. teach capturing data related to the intrusion 
event (column 4, lines 34-37) (the data comprising data components of intrusion 
signature, data summary, and detailed data) (column 4, lines 34-40); correlating data 
components of the intrusion signature, data summary and detailed data to one another 
(column 4, lines 53-60); and graphically displaying the correlated data components 
(column 4, lines 47-53). 

Regarding claim 13, Maloney et al. teach wherein capturing data comprises 
capturing network data packets of the intrusion event in response to detecting the 
presence of a predetermined signature in the network data packet (column 4, lines 34- 
37, column 2, lines 23-33, column 12, lines 21-42). 

Regarding claim 14, Maloney et al. teach the method, as set forth in claim 10, 
further comprising decoding the captured data from a binary format to a human- 
readable text format (column 6, lines 8-20). 

Regarding claim 15, Maloney et al. teach the method, as set forth in claim 10,
further comprising decoding the captured data to decoded data having a data link layer 
protocol header, a network layer protocol header, a network layer protocol data 
summary, and packet data in hexadecimal format (column 4, lines 24-33, column 7, 
lines 65-67, column 8, lines 1-12). 

Regarding claim 16, Maloney et al. teach the method, as set forth in claim 10, 
further comprising decoding the captured data to decoded data having an Ethernet 
header, an IP header, an IP data summary, and packet data in hexadecimal format 
(column 4, lines 24-33, column 7, lines 65-67, column 8, lines 1-12). 

Regarding claim 17, Maloney et al. teach a network driver capturing data 
related to an intrusion event upon detecting a predetermined intrusion signature 
(column 7, lines 23-27, column 2, lines 23-33, column 12, lines 21-42); a decode engine 
decoding the captured data from a first predetermined format to a second 
predetermined format decipherable by humans, the decoded data comprising data 
components of intrusion event data, data summary, and detailed data (column 4, lines 
34-40); and a user interface correlating data components of the intrusion signature, 
intrusion event data, data summary and detailed data to one another (column 4, lines 
53-60) and displaying the correlated decoded data components (column 4, lines 47-53). 

Regarding claim 21, Maloney et al. teach the system, as set forth in claim 17, 
wherein the network driver captures network data packets of the intrusion event in 
response to the intrusion detection system detecting a predetermined intrusion 
signature (column 7, lines 23-27, column 2, lines 23-33, column 12, lines 21-42). 

Regarding claim 22, Maloney et al. teach the system, as set forth in claim 17,
wherein the decode engine decodes the captured data from a binary format to a human- 
readable text format (column 6, lines 8-20). 

Regarding claim 23, Maloney et al. teach the system, as set forth in claim 17, 
wherein the decode engine decodes the captured data to decoded data having a data 
link layer protocol header, a network layer protocol header, a network layer protocol 
data summary, and packet data in hexadecimal format (column 4, lines 24-33, column 
7, lines 65-67, column 8, lines 1-12). 

Regarding claim 24, Maloney et al. teach the system, as set forth in claim 17, 
wherein the decode engine decodes the captured data to decoded data having an 
Ethernet header, an IP header, an IP data summary, and packet data in hexadecimal 
format (column 4, lines 24-33, column 7, lines 65-67, column 8, lines 1-12). 

Claim Rejections - 35 USC § 103

13. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

14. Claims 2-4, 11-12, and 18-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Maloney et al. as applied to claims 1, 10, and 17 respectively
above, and further in view of Slodowski et al. (US Patent Number: 6,775,583). 

Regarding claim 2, Maloney et al. do not expressly disclose wherein graphically 
displaying the correlated decoded data components comprises graphically highlighting 
correlated data components of intrusion signature, data summary and detailed data. 
However, Slodowski et al. teach wherein graphically displaying the correlated decoded 
data components comprises graphically highlighting correlated data components of 
intrusion signature, data summary and detailed data (column 5, lines 13-43). Therefore, 
it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to graphically display data, highlighting correlated data. One of 
ordinary skill in the art would have been motivated to do so to provide users with an 
easy to learn, easy to handle, and comfortable data arrangement (Slodowski et al., 
column 2, lines 54-67). 

Regarding claim 3, Maloney et al. do not expressly disclose receiving a user 
input selecting a displayed data component; graphically highlighting data components 
correlated to the selected data component. However, Slodowski et al. teach receiving a 
user input selecting a displayed data component; graphically highlighting data
components correlated to the selected data component (column 5, lines 13-43). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to graphically display data, highlighting correlated data. One of 
ordinary skill in the art would have been motivated to do so to provide users with an 
easy to learn, easy to handle, and comfortable data arrangement (Slodowski et al., 
column 2, lines 54-67). 

Regarding claim 4, Maloney et al. do not expressly disclose receiving a user 
input selecting a displayed data component; graphically highlighting the user selected 
data component; and graphically highlighting data components correlated to the 
selected data component. However, Slodowski et al. teach receiving a user input 
selecting a displayed data component; graphically highlighting the user selected data 
component; and graphically highlighting data components correlated to the selected 
data component (column 5, lines 13-43). Therefore, it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to graphically display 
data, highlighting correlated data. One of ordinary skill in the art would have been 
motivated to do so to provide users with an easy to learn, easy to handle, and
comfortable data arrangement (Slodowski et al., column 2, lines 54-67). 

Regarding claim 11, Maloney et al. do not expressly disclose receiving a user 
input selecting a displayed data component; and graphically highlighting all data 
components correlated to the selected data component. However, Slodowski et al. 
teach receiving a user input selecting a displayed data component; and graphically 
highlighting all data components correlated to the selected data component (column 5,
lines 13-43). Therefore, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to graphically display data, highlighting 
correlated data. One of ordinary skill in the art would have been motivated to do so to 
provide users with an easy to learn, easy to handle, and comfortable data arrangement 
(Slodowski et al., column 2, lines 54-67). 

Regarding claim 12, Maloney et al. do not expressly disclose receiving a user 
input selecting a displayed data component; graphically highlighting the user selected 
data component; and graphically highlighting all data components correlated to the 
selected data component. However, Slodowski et al. teach receiving a user input 
selecting a displayed data component; graphically highlighting the user selected data 
component; and graphically highlighting all data components correlated to the selected 
data component (column 5, lines 13-43). Therefore, it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to graphically display 
data, highlighting correlated data. One of ordinary skill in the art would have been 
motivated to do so to provide users with an easy to learn, easy to handle, and 
comfortable data arrangement (Slodowski et al., column 2, lines 54-67). 

Regarding claim 18, Maloney et al. do not expressly disclose wherein the user 
interface graphically highlights correlated data components of intrusion event data, data 
summary and detailed data. However, Slodowski et al. teach wherein the user interface 
graphically highlights correlated data components of intrusion event data, data summary 
and detailed data (column 5, lines 13-43). Therefore, it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to graphically display
data, highlighting correlated data. One of ordinary skill in the art would have been 
motivated to do so to provide users with an easy to learn, easy to handle, and 
comfortable data arrangement (Slodowski et al., column 2, lines 54-67). 

Regarding claim 19, Maloney et al. do not expressly disclose wherein the user 
interface is operable to receive a user input selecting a displayed data component, and 
graphically highlight all data components correlated to the selected data component. 
However, Slodowski et al. teach wherein the user interface is operable to receive a user 
input selecting a displayed data component, and graphically highlight all data 
components correlated to the selected data component (column 5, lines 13-43). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to graphically display data, highlighting correlated data. One of 
ordinary skill in the art would have been motivated to do so to provide users with an 
easy to learn, easy to handle, and comfortable data arrangement (Slodowski et al., 
column 2, lines 54-67). 

Regarding claim 20, Maloney et al. do not expressly disclose wherein the user 
interface is operable to receive a user input selecting a displayed data component, 
highlight the user selected data component, and highlight all data components 
correlated to the selected data component. However, Slodowski et al. teach wherein the 
user interface is operable to receive a user input selecting a displayed data component, 
highlight the user selected data component, and highlight all data components 
correlated to the selected data component (column 5, lines 13-43). Therefore, it would 
have been obvious to one having ordinary skill in the art at the time the invention was
made to graphically display data, highlighting correlated data. One of ordinary skill in the 
art would have been motivated to do so to provide users with an easy to learn, easy to 
handle, and comfortable data arrangement (Slodowski et al., column 2, lines 54-67). 

Conclusion

15. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

16. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571) 272- 
5861. The examiner can normally be reached on Monday-Friday 7:00 am - 5:00 pm, off 
on Wednesday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on (571) 272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 